News items for tag linux - Koos van den Hout

2019-06-02 Trying to backup to a cloudservice again 1 week ago
After the migration to the new homeserver was finished I found out I had to run backups on a separate computer: misconfigured backups so the old idea of backups to a cloudservice is on my mind again. I've looked into this before: Backup to .. the cloud! and I still want to backup to a cloud-based service which has a webdav interface and is based on owncloud. With some searching I came across How to synchronize your files with TransIP’s STACK using the commandline.

I'd like the outgoing bandwidth to be limited so the VDSL uplink isn't completely filled with the backup traffic. Installing owncloud-client-cmd still has a lot of dependencies on graphical stuff, but doesn't install the GUI of the owncloud client. In owncloud-client-cmd I can't set the bandwidth limits, but I can set those in the graphical client. But after a test it shows that owncloud-client-cmd doesn't read .local/share/data/ownCloud/owncloud.cfg for the bandwidth settings.

At least with the VDSL uplink speed and the wondershaper active the responsiveness of other applications at home never suffered. Maybe specific rules for the IP addresses of the cloud service could ratelimit the uploads.

Tags: , ,
2019-05-06 Making checking SSL certificates before installing them a bit more robust 1 month ago
Encrypt all the things meme With all the automated updates of certificates as described in Enabling Server Name Indication (SNI) on my webserver and Automating Let's Encrypt certificates further I wondered about what would happen when some things got corrupt, most likely as a result of a full disk. And a simple test showed out that the checkcert utility would happily say two empty files are a match because the sha256sum of two empty public keys is the same.

Solution, do something with the errorlevel from openssl. New version of checkcert:

# check ssl private key 1 with ssl pem encoded x509 certificate 2 public key

SUMPRIVPUBKEY=`openssl pkey -in $1 -pubout -outform pem || echo privkey | sha256sum`
SUMCERTPUBKEY=`openssl x509 -in $2 -noout -pubkey -outform pem || echo pubkey | sha256sum`

if [ "${SUMPRIVPUBKEY}" = "${SUMCERTPUBKEY}" ]; then
        exit 0
        exit 1
And now:
koos@gosper:~$ /usr/local/bin/checkcert /dev/null /dev/null
unable to load key
139636148224064:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:686:Expecting: ANY PRIVATE KEY
unable to load certificate
139678825668672:error:0906D06C:PEM routines:PEM_read_bio:no start line:../crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE
koos@gosper:~$ echo $?

Tags: , , ,
2019-05-04 Considering enabling Server Name Indication (SNI) on my webserver 1 month ago
Encrypt all the things meme While making a lot of my websites available via HTTPS I started wondering about enabling Server Name Indication (SNI) because the list of hostnames in the one certificate (subjectAltName parameter) keeps growing and they aren't all related.

So on a test system with haproxy I created two separate private keys, two separate certificate signing requests and requested two separate certificates. One for the variants of and one for most of the names. The whole requesting procedure happened on the system where my automated renewal and deployment of LetsEncrypt certificates with dehydrated happens so the request went fine. For the configuration of haproxy I was following HAProxy SNI where 'terminating SSL on the haproxy with SNI' gets a short mention.

So I implemented the configuration as shown in that document and got greeted with an error:
haproxy[ALERT] 123/155523 (3435) : parsing [/etc/haproxy/haproxy.cfg:86] : 'bind :::443' unknown keyword '/etc/haproxy/ssl/webserver-idefix-main.pem'.
And found out that the crt keyword has to be repeated.

This is why I like having a test environment for things like this. Making errors in the certificate configuration on the 'production' server will give visitors scary and/or incomprehensible errors.

So the right configuration for my test is now:
frontend https-in
    bind :::443 v4v6 ssl crt /etc/haproxy/ssl/webserver-campwireless.pem crt /etc/haproxy/ssl/webserver-idefix-main.pem
And testing it shows the different certificates in use when I use the -servername parameter for openssl s_client to test things.
$ openssl s_client -connect -servername -showcerts -verify 3
Server certificate
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Verification: OK
$ openssl s_client -connect -servername -showcerts -verify 3
Server certificate
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Verification: OK
The certificates are quite separate. Generating the certificate signing requests with a separate private key for each request works fine.

So if I upgrade my certificate management to renew, transport, test and install multiple certificate for the main webserver it would work.
Read the rest of Considering enabling Server Name Indication (SNI) on my webserver

Tags: , , , ,
2019-04-25 Accepting multiple passwords for IMAPS access 1 month ago
After upgrading to the new homeserver my old setup to allow two passwords for IMAPS logins so I can use a separate password for IMAPS access for those devices that insist on saving a password without asking.

I have the following PAM libraries:
ii  libpam-modules 1.1.8-3.6    amd64        Pluggable Authentication Modules
And I debugged the problem using the pamtester program which makes debugging this problem a lot easier than constantly changing the configuration and restarting the imap server.

The relevant configuration now is:
# PAM configuration file for Courier IMAP daemon

#@include common-auth
# here are the per-package modules (the "Primary" block)
auth    required quiet user ingroup users
#auth   [success=1 default=ignore] nullok_secure
auth    sufficient nullok_secure
auth    sufficient db=/etc/courier/extrausers crypt=crypt use_first_pass
# here's the fallback if no module succeeds
auth    requisite             
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required              
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
@include common-account
@include common-password
@include common-session
And now both my unix login password and the extra password are accepted.

Tags: , , ,
2019-02-05 Starting tcpdump causes bluetooth drivers to be loaded .. on a virtual machine 4 months ago
I noticed something really weird in the kernel log of a virtual machine:
Feb  5 11:46:54 server kernel: [2936066.990621] Bluetooth: Core ver 2.22
Feb  5 11:46:54 server kernel: [2936067.005355] NET: Registered protocol family 31
Feb  5 11:46:54 server kernel: [2936067.005901] Bluetooth: HCI device and connection manager initialized
Feb  5 11:46:54 server kernel: [2936067.006404] Bluetooth: HCI socket layer initialized
Feb  5 11:46:54 server kernel: [2936067.006838] Bluetooth: L2CAP socket layer initialized
Feb  5 11:46:54 server kernel: [2936067.007280] Bluetooth: SCO socket layer initialized
Feb  5 11:46:54 server kernel: [2936067.009650] Netfilter messages via NETLINK v0.30.
Feb  5 11:46:54 server kernel: [2936067.056017] device eth0 entered promiscuous mode
The last two are the giveaway about what really happened: I started tcpdump to debug a problem. But I did not expect (and do not need) bluetooth drivers on a virtual machine, it will never have access to a bluetooth dongle.

After setting up /etc/modprobe.d/local-config.conf with
blacklist bluetooth
tcpdump still works fine and no bluetooth drivers are loaded.

Update: Most recommendations are to disable the bluetooth network family:
alias net-pf-31 off

Tags: ,
2019-01-30 Misconfigured backups 4 months ago
I have "always" been running amanda for backups on linux. Or rather, I can't find any indication when I started doing that several homeserver versions ago, it's just still running.

Or it was running, but first I had to tackle a hardware problem: all SCSI controllers I have are PCI and the newest homeserver has no PCI slots. So I searched for a solution. The first solution was to try using the desktop system for the tapedrive, but the powersupply in that system has no 4-lead Molex connectors so I can't connect the tapedrive.

For now I use an old 'test' system with some software upgrades to run amanda and shut it down when all backups are done and flushed to tape. But amanda had a serious problem writing stuff to tape. With some debugging this turned out to be caused by the variable blocksize I used on the previous systems, with
# mt -f /dev/nst0 setblk 0
and I can't even find out why this seemed like a good idea years ago. But now amanda really wants to use 32768 byte blocks and filled a DDS-3 tape (12 Gb without compression) with about 1.8 Gb of data before reaching the end of the tape.

Why this default has changed isn't clear to me, but I found a way to re-initialize the tapes so the backups fit again. Based on block size mismatch - backup central I created a script to do this. I did not get the error about the blocksize, but I searched specifically for 'amanda 3.3.6 blocksize'.

if [ "$1" = "" ]; then
        echo "Usage: $0 <tapename>"

mt -f /dev/nst0 setblk 32768
mt -f /dev/nst0 compression 1
mt -f /dev/nst0 rewind
dd if=/dev/zero of=/dev/nst0 bs=32768 count=200
mt -f /dev/nst0 setblk 32768
mt -f /dev/nst0 compression 1
mt -f /dev/nst0 rewind
amlabel -f kzdoos $1
And now normal amounts of data fit on a tape again. I just have to initialize every tape before using it for the first time in this setup.

Tags: , ,
2019-01-02 Migration to new server finished 5 months ago
More than a year after I started migrating from homeserver greenblatt to the new homeserver conway the last migration is done and the old server is switched off. The new server is in a good position in the rack, and the old server is still taking up space in there too. It has taken a lot of time, I decided to stop some websites and other unused services in the process and my energy levels haven't always been that great. I have improved several things in the process, which also caused delays.

One thing hasn't changed (which I did expect to change): the power usage of the new server isn't lower! The UPS tells me the output load is about the same. Ok, the new hardware has a lot more CPU power, a lot more memory and faster storage, but I expected the poweruse to go down a bit.

Tags: , , ,
2019-01-01 Switching to 1-wire over USB and forwarding a USB device to a guest VM 5 months ago
The new hardware for the homeserver has no external serial ports, so I could not use the old serial / 1-wire interface that has been doing the home monitoring for years. But I had a spare USB DS2490 interface. So I plugged this into the server and wanted to forward the USB device to the guest VM that runs all the monitoring.

First I had to blacklist all the loaded drivers to have the device available to kvm as-is. In /etc/modprobe.d/local-config.conf:
blacklist w1_smem
blacklist ds2490
blacklist wire
Next step was to attach the device to the right vm. I followed the hints at How to auto-hotplug usb devices to libvirt VMs (Update 1) and edited the definition for the vm to get the host device like:
    <hostdev mode='subsystem' type='usb' managed='no'>
        <vendor id='0x04fa'/>
        <product id='0x2490'/>
But that did not get the usb device attached to the running VM and I did not feel like rebooting it. So I created an extra file with the above and did a
root@conway:~# virsh attach-device --live gosper /tmp/onewire.xml 
Device attached successfully
And then I had to do the same blacklisting as above in the virtual machine. After doing that I detached and attached it from the VM without touching it with simply:
root@conway:~# virsh detach-device --live gosper /tmp/onewire.xml 
Device detached successfully

root@conway:~# virsh attach-device --live gosper /tmp/onewire.xml 
Device attached successfully
After that I had to set up rules for the telemetry user to have enough access to the USB device:
SUBSYSTEMS=="usb", GOTO="usb_w1_start"
ATTRS{idVendor}=="04fa", ATTRS{idProduct}=="2490", GROUP="telemetry", MODE="0666"
And now it all works:
telemetry@gosper:~$ digitemp_DS2490 -a
DigiTemp v3.7.1 Copyright 1996-2015 by Brian C. Lane
GNU General Public License v2.0 -
Found DS2490 device #1 at 002/003
Jan 01 21:53:11 Sensor 10A8B16B0108005D C: 9.500000
Jan 01 21:53:12 Sensor 28627F560200002F C: 17.062500
Jan 01 21:53:14 Sensor 10BC428A010800F4 C: 19.562500
Jan 01 21:53:15 Sensor 1011756B010800F1 C: 11.937500
Jan 01 21:53:16 Sensor 10B59F6B01080016 C: 16.312500
Jan 01 21:53:17 Sensor 1073B06B010800AC C: 18.687500
Jan 01 21:53:18 Sensor 102B2E8A010800F0 C: 29.250000
Jan 01 21:53:20 Sensor 28EF71560200002D C: 16.687500
Working house temperatures again!

Tags: , , , ,
2018-12-30 New GcmWin for Linux 5 months ago
The author of GcmWin for Linux responded quickly to my report of being unable to install gcmwin after installing a new Linux version and made a new version available which does run fine on Ubuntu 18.04. Again my thanks to Roger Hedin SM3GSJ for making GcmWin available.

Tags: , ,
2018-12-30 First annoyance with systemd on thompson 5 months ago
On reinstalling thompson I was not sure whether to pick ubuntu (with lots of package support for amateur radio) or devuan (without systemd). I chose ubuntu to keep access to lots of amateur radio packages but as expected the first systemd problem already got me. Names in the internal network with RFC1918 addresses weren't resolvable.

After some searching I found out systemd-resolved had decided the last nameserver advertised via IPv6 was the one to use. As I could not find a lot of information on how to do the ordering I just decided to kick it all out and switch to normal resolving. Some searching found How to disable systemd-resolved in Ubuntu? - ask ubuntu which has the right steps. Back to somewhat normal, the next step is to convince NetworkManager to use IPv6 resolving before IPv4.

Tags: , , ,
2018-12-23 I upgraded the 'radio workstation' thompson 5 months ago
As mentioned in New 2 meter distance: 506 kilometers I was still running the old wsjt-x because a newer version requires a newer Linux environment. With a bit of time in the christmas holidays available and more and more things depending on this upgrade I ordered a new disk from Azerty so the reinstallation would be easier. The old linux installation on the radio workstation was several Ubuntu versions old, it was still a 32-bit installation because of earlier hardware compatibility issues and something in D-Bus communication gave lots of errors at bootup, so I expected another upgrade to give me an unavailable system.

The new disk came faster than expected, and I did an install with Xubuntu because I'm ok with the Xfce environment.

One problem is back: the system starts with the two monitors swapped and after the screensaver kicks in the monitors somehow end up in mirrored mode.

And Gcmwin for linux failed in the upgrade since it depends on older libraries. Already reported to the author.

Lots of upgraded software, the most important ones in amateur radio are CQRLOG which showed the well-known MySQL problems until I used the version from the CQRLOG ppa. Everything now works fine and all the earlier confirmations of PSK contacts have been imported. And the trigger that all started this upgrade WSJT-X has been upgraded using the WSJTX General Availability Release ppa.

Tags: , ,
2018-12-19 New 2 meter distance: 506 kilometers 5 months ago
Today I had a listen on the 2 meter band with FT8 from wsjt-x 1.9.1, which is currently the near-ancient version but I can't upgrade yet (wsjt-x 2.0.0 requires newer Qt libraries which require a newer linux environment).

But I decoded some signals including a new callsign from Germany. It's always nice to work a new callsign so I answered it and the contact was made after a few tries. Only when I checked the gridsquare and the map I saw that DK1FG is a new 2 meter band distance record for me : 506 kilometers. Looking at that qrz page makes clear why that was possible: on that end 8 stacked 12 element antennes are available for 2 meter DX.

Update 2018-12-21: I just saw wsjt-x packages for other ubuntu versions are available in the WSJTX General Availability Release ppa but the 'oldest' Ubuntu version supported is Ubuntu 16.04.5 LTS 'Xenial'.

Tags: , , ,
2018-11-28 Using mice adopted to my hands 6 months ago
The old rsi problem was acting up again, just like I had RSI in 1999.

One of the things I now did was add a left-side mouse on the linux desktop at home. I have used a left-side mouse for a number of years on a linux desktop and used the instructions from the xmodmap manpage:
       Many  pointers are designed such that the first button is pressed using
       the index finger of the right hand.  People who  are  left-handed  fre‐
       quently  find  that  it is more comfortable to reverse the button codes
       that get generated so that the primary  button  is  pressed  using  the
       index  finger  of  the  left  hand.   This  could be done on a 3 button
       pointer as follows:
       %  xmodmap -e "pointer = 3 2 1"
But I now have two USB mice, one with a forward/backward button and a clearly right-handed design and one simple one on the left. And it is possible to selectively swap mouse buttons on only one input device with xinput.

The list of all inputs:
koos@thompson:~$ xinput list
⎡ Virtual core pointer                          id=2    [master pointer  (3)]
⎜   ↳ Virtual core XTEST pointer                id=4    [slave  pointer  (2)]
⎜   ↳ Logitech USB-PS/2 Optical Mouse           id=9    [slave  pointer  (2)]
⎜   ↳ Logitech Optical USB Mouse                id=10   [slave  pointer  (2)]
⎣ Virtual core keyboard                         id=3    [master keyboard (2)]
    ↳ Virtual core XTEST keyboard               id=5    [slave  keyboard (3)]
    ↳ Power Button                              id=6    [slave  keyboard (3)]
    ↳ Power Button                              id=7    [slave  keyboard (3)]
    ↳ Burr-Brown from TI               USB Audio CODEC  id=8    [slave  keyboard (3)]
    ↳ VIA Technologies Inc. USB Audio Device    id=11   [slave  keyboard (3)]
    ↳ daskeyboard                               id=12   [slave  keyboard (3)]
    ↳ daskeyboard                               id=13   [slave  keyboard (3)]
    ↳ Dell WMI hotkeys                          id=14   [slave  keyboard (3)]
Setting the button order happens with xinput set-button-map which needs an ID. Solution in .xsession:
xinput set-button-map $(xinput list --id-only "Logitech Optical USB Mouse") 3 2 1

Oh, and in that other operating system I use (Windows) one of the problems is the user can't set mouse button order per device. And technical specifications of left-handed mice do not list whether the buttons are swapped in hardware.

Tags: , ,
2018-11-23 Automatic ls colours can be slow 6 months ago
I noticed certain commands taking a while to start, including a simple ls. At last I got annoyed enough to diagnose the whole situation and found out the problem is the combination of symbolic links in the listed directory pointing to filesystems behind automounter, one mounted filesystem coming from a NAS with sleeping disk and ls --color doing a stat() on the target of a symbolic link to find the type of the target file to be able to select a colour.

My solution: find the source of the alias and disable it.

Tags: , ,
2018-11-16 Changing the way I listen to podcasts 7 months ago
I bought the iRiver ifp-795 in May 2005 to listen to podcasts, mostly while cycling to and from work.

But I need to find time to download new episodes on the laptop and copy them in the right order to the storage of the mp3 player. There is an another device which can do all this and can play the mp3 files too: my android smartphone.

So I looked for an Android podcast player which can deal with podcast feeds not in its own directory. After reading an overview article and browsing the play store I found RadioPublic and managed to add my favourite podcasts.

Adding a feed it didn't know was a bit harder than expected. I want to listen to The ICQ Amateur / Ham Radio Podcast but it wasn't listed. So I tried to add the RSS feed myself by typing the URL which failed. Adding it only worked out after I opened the RSS feed in my browser on android and copied and pasted the url to the 'search' field.

The application has a nice playlist and I can order the downloaded episodes in such a way that I don't get several episodes from the same show in a row.

Ok, I found one downside: it seems impossible to add an mp3 downloaded via the browser to the RadioPublic playlist.

Tags: , ,
2018-10-12 Serious slowness with rrdgraph from rrdtool 8 months ago
One of the things still needing migrating is the NTP server stats which obviously uses rrdtool. Because I want to keep the history I migrated the datasets with:
/usr/local/rrdtool/bin/rrdtool dump \
| ssh newhost /usr/bin/rrdtool restore -f -
And then create a graph of the plloffset for example using:
/usr/bin/rrdtool graph /tmp/ \
--title " pll offset (last 24 hours)" --imginfo \
'<img src="tmpgraphs/%s" WIDTH="%lu" HEIGHT="%lu" alt="Graph">' \
--start -24hours --end now --vertical-label="Seconds" --color BACK#0000FF \
--color CANVAS#c0e5ff --color FONT#ffffff --color GRID#ffffff \
--color MGRID#ffffff --alt-autoscale --imgformat PNG --lazy \ \
CDEF:wipeout=offset,UN,INF,UNKN,IF CDEF:wipeoutn=wipeout,-1,* \
LINE1:offset#000000:"Offset\:" \
GPRINT:offset:LAST:"Current\:%.3lf%s" \
GPRINT:offset:MIN:"Min\:%.3lf%S" \
GPRINT:offset:MAX:"Max\:%.3lf%S" \
GPRINT:offset:AVERAGE:"Average\:%.3lf%S" \
AREA:wipeout#e0e0e0 AREA:wipeoutn#e0e0e0
But on the old server this takes 0.026 seconds, on the new server 3 minutes and 47.46 seconds. No idea what is happening, strace shows nothing strange and rrdtool uses 1 cpu at 100% all that time.
Read the rest of Serious slowness with rrdgraph from rrdtool

Tags: , , ,
2018-10-03 Seeing the same names in logcheck mails every hour 8 months ago
I use the logcheck package to monitor for unexpected log entries. Since upgrading to the new homeserver conway I noticed DNSSEC failures coming back regularly, even at weird times of the night while the domain names seemed related to services we sometimes interact with during the day. To search deeper I enabled query logging on DNS (with a short retention period) in order to find the source.

Eventually I found it: the DNSSEC failures came at the time the mail from logcheck was delivered, because it mentioned domain names that cause a DNSSEC failure. So the way to 'fix' this problem and avoid similar other problems was to whitelist logcheck mail.

Update 2018-10-05: That only helps when enabling the Mail::SpamAssassin::Plugin::Shortcircuit plugin and enabling the USER_IN_WHITELIST shortcircuit.

Update 2018-10-07: Even with whitelist and shortcircuit I still see queries for domain names in the logcheck mails. Call to spamassassin is now changed...

Now, once again...this time with FEEwing

Tags: , ,
2018-09-26 Made the big bang to the new homeserver 8 months ago
So for months and months I had hardware ready for the new homeserver, I was testing bits and pieces in the new environment and I still did not get around to making the big bang. Part of the time the new system was running and using electricity.

And a few weeks ago I had time for the big bang and forgot to mention it!

So one free day I just did the last sync of homedirectories and started migrating all services in a big bang. No more but, if, when, is it done yet. It's a homeserver, not a complete operational datacenter. Although with everything running it sometimes does look that way!

The new setup, more completely documented at Building - and maintaining home server conway 2017 is now running almost all tasks. The main migration was homedirectories, mail, news, webservers. Things are now split over several virtual machines and the base virtual machine running kvm virtual machines is as minimal as possible.

One thing I just noticed is that the new virtual machine with pppoe kernel mode drivers and updated software is doing great: the bigger MTU is working by default and kernel mode pppoe does not show up as using CPU when a 50 mbit download is active. I looked at CPU usage with htop and at the network traffic with iptraf and the result was that iptraf was using the most cpu.

There are still some things left to migrate, including a few public websites that currently give 50x errors. But I will find the time eventually.

Tags: , , ,
2018-09-24 After 25 years with sendmail there was still something to improve 8 months ago
I still like running sendmail on my own systems. But sendmail evolves with time and my configuration does improve slightly sometimes, such as on the introduction of authenticated smtp with secondary passwords.

After the recent upgrades to the home server there is a new mail server with some other new details and suddenly other systems at home could not relay. A bit of searching found Best practice: sendmail and SMTP auth with the right flags for the DAEMON_OPTIONS to only offer authentication on port 587 (submission).

I noticed the local systems tried relaying via port 587 so I changed this to port 25 where IP-based relaying is allowed. No idea why I set this up to use the port 587 when I set it up previously.

And yes, I checked it, I started with sendmail in 1993, so 25 years of sendmail on port 25. I did start with writing my own rules but I switched to .mc based configurations.

Tags: , , ,
2018-09-21 Setting my bash prompt PS1 to remind me I'm in screen 8 months ago
With some systems constantly running screen and others not I started to get confused. Solution: change the visual indications in the prompt inside screen.

I decided to just change the username color in PS1 when I'm in screen. So now:
PS1='${STY:+\[\e[1;36m\]}\u${STY:+\[\e[0m\]}@\h:\w\$ '
In bash, ${STY:+..} gives output when shell variable STY is set. So I add the color set/unset commands to the prompt when STY, a typical screen variable is set. The result is dark cyan, a color that works (for me) on my normal light-grey background xterm/putty sessions.

Oh, and for root things are different:
PS1='\[\e[1;91m\]\u@\h\[\e[0m\]:\w\$ '
Which gives a light red user@hostname.

In the above \e causes an escape to be printed. Wrapping parts of the prompt between \[ and \] causes bash to ignore those for counting the length of the prompt so it doesn't get confused on redrawing the prompt when editing the commandline.

Samples of colours and other formatting at FLOZz' MISC » bash:tip_colors_and_formatting.

Tags: , ,
  Older news items for tag linux ⇒
, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews